Tech Vigil
No Result
View All Result
  • Login
  • Home
  • Business
    • Cell Phone
  • Computers
    • Data Security
  • Digital Marketing
    • E-Commerce
  • Gadgets
    • Apps
  • Laptops
    • Microsoft
    • Software
  • Networking
  • Tech
  • Contact
  • Pages
    • About Us
    • DMCA
    • Privacy Policy
    • Terms and Conditions
  • Home
  • Business
    • Cell Phone
  • Computers
    • Data Security
  • Digital Marketing
    • E-Commerce
  • Gadgets
    • Apps
  • Laptops
    • Microsoft
    • Software
  • Networking
  • Tech
  • Contact
  • Pages
    • About Us
    • DMCA
    • Privacy Policy
    • Terms and Conditions
No Result
View All Result
Tech Vigil
No Result
View All Result
Home Data Security

Michigan Adopts National Association of Insurance Commissioners’ (NAIC) Insurance Data Security Model Law

Ronnie Daniels by Ronnie Daniels
February 12, 2019
Reading Time:4min read
0

On December 28, 2018, Michigan followed the National Association of Insurance Commissioners’ (NAIC) Insurance Data Security Model Law in the shape of Michigan H.B. 6491 (Act). By doing so, Michigan joins Ohio and South Carolina as the 0.33 country to undertake the Model Law and the fifth nation – in conjunction with Connecticut and New York – to have enacted cybersecurity guidelines targeted on coverage organizations. See CT Gen Stat § 38a-999b (2015); 23 NYCRR 500. (Please see our earlier coverage for extra statistics on Ohio and South Carolina’s adoption of the Model Law). Moreover, adoption of the Model Law continues to be gaining steam with Rhode Island probably next in line.

RELATED POSTS

The 8 key methods to evaluate healthcare facts protection tools

Don’t Acquire a Company Until You Evaluate Its Data Security

NCipher, Credence Security

Michigan’s Act, which adds chapter 5A to Michigan’s Insurance Code, seeks to set up “the different requirements applicable to licensees for information protection, the research of a cybersecurity occasion” and sure regulatory notifications. MCL § 500.550. The Act defines licensees as people authorized, registered, or certified underneath Michigan insurance laws or required to be so. MCL § 500.553(g). This means all insurers, groups, and brokers doing business in Michigan are included. By contrast, reinsurers domiciled outdoor of Michigan in addition to danger retention corporations and buying agencies chartered and certified in every other kingdom are excluded from the Act. Id.

The Act requires licensees to:

Develop, put into effect, and hold a comprehensive information safety application that consists of administrative, technical, and bodily safeguards to shield nonpublic statistics and the licensee’s information device within one year of the powerful date of the Act;
Perform a threat assessment that includes determining the appropriateness of enforcing protections such as multifactor authentication, ordinary penetration trying out, and encrypting information at relaxation;
Develop a proper incident response plan to reply to a cybersecurity occasion as described;
Require third-party service companies to implement security measures to protect and cozy any facts systems and personal information by using January 20, 2023;
Report data breaches to the Superintendent inside ten (10) commercial enterprise days after willpower that a cybersecurity event has come about;
Certify compliance to the Insurance Department Director by way of filing a written declaration; and
Retain for five years all records supporting the certificate of compliance for inspection by the Superintendent.

While the Act largely tracks the Model Law, it departs from it in several substantial respects:

Private Action Provisions

The Act expressly forecloses the possibility that its adoption creates or implies a private reason of movement for violation of its provisions, however does no longer “curtail a private reason of action that could in any other case exist” below Michigan regulation. MCL § 500.550.

ADVERTISEMENT

FOIA Protections

The Act specifies that any documents furnished to NAIC or other third-celebration representative are not a problem to the kingdom’s freedom of statistics act, subpoena, or discovery in a non-public action. MCL § 500.664(6).

Exclusive State Cybersecurity Standards

Similar to Ohio’s regulation, the Act “establishes the specific standards, for this nation, relevant to licensees for information safety, the research of a cybersecurity occasion, and notification to the director.” Id. The Act provides an additional protection for reinsurers, mentioning that they do now not have country word responsibilities out of doors of those distinctive under the Act. MCL § 500.560(6). The Act does no longer, of course, supersede federal privateness or facts security legal guidelines, inclusive of HIPAA.

Dedicated Customer Notice Provisions

While the Model Act assumes that customer observes obligations can be equivalent to those required below the country’s preferred statistics breach notification regulation, the Act creates enterprise-specific necessities. MCL § 500.561. In specific, the Act requires to observe of a cybersecurity occasion to any kingdom resident unless there’s an inexpensive dedication that the event “has no longer or is not in all likelihood to motive sizeable loss or damage” or bring about identification robbery. Id. Such word should be provided “without unreasonable postpone.” MCL § 500.561(b)(four).

In addition to this primary requirement, the Act’s consumer word provisions also offer for the following:

Written observe as well as the digital note, phone word or “substitute” notice (i.E. Website posting or word to statewide media) wherein particular conditions are met;
Reasonable delay of notice where it’s far important for remediation efforts, or if the delay is asked via regulation enforcement or national security company;
Notification to nationwide credit organizations where observe is required to more than 1,000 citizens; and
It provides a safe harbor for licensees challenge to and who comply with the consumer observe requirements of HIPAA and guidelines promulgated thereunder.

Good Faith Acquisition Safe Harbor

The Act excludes from its definition of cybersecurity occasion the unauthorized access to records with the aid of a person performing in “exact religion” and in a manner “related to the sports of the character.” MCL § 500.553(c)(ii)(A-B). The Act for that reason makes a specialty of the one’s breaches due to 0.33 events maximum possibly to be concentrated on touchy records for nefarious purposes. Like the Model Law, the Act excludes from the definition of cybersecurity event any nonpublic information that becomes encrypted. MCL § 500.553(c)(i).

Ten Day Reporting Requirement

In a circulate that is extra generous than the seventy-two-hour requirement of the Model Law and the three business days requirement of Ohio’s law, the Act requires a licensee to file a cybersecurity incident to the Department inside “ten commercial enterprise days” after a dedication that one has passed off. MCL § 500.559(1).

Additional Safe Harbor for In-State Licensees

Compared to the Model Act, the Act affords an extra safe harbor for Michigan-primarily based licensees, requiring a document most effective in which the cybersecurity occasion has an affordable probability of materially harming a customer or the licensee’s operations. MCL § 500.559(a)(iii). The Model Act affords this safe harbor handiest for out-of-state licensees.

ShareTweetPin
Ronnie Daniels

Ronnie Daniels

Related Posts

The 8 key methods to evaluate healthcare facts protection tools
Data Security

The 8 key methods to evaluate healthcare facts protection tools

April 18, 2019
Don’t Acquire a Company Until You Evaluate Its Data Security
Data Security

Don’t Acquire a Company Until You Evaluate Its Data Security

April 18, 2019
NCipher, Credence Security
Data Security

NCipher, Credence Security

April 18, 2019
Why purge is the subsequent cyber buzzword
Data Security

Why purge is the subsequent cyber buzzword

April 18, 2019
Filling the Cybersecurity Void
Data Security

Filling the Cybersecurity Void

April 18, 2019
Justdial Says Data Leak Affecting a hundred Mn Users Fixed
Data Security

Justdial Says Data Leak Affecting a hundred Mn Users Fixed

April 18, 2019
Next Post
Health Data Security: The Most Promising Technologies

Health Data Security: The Most Promising Technologies

How do i teach my employees for Cyber Security?

How do i teach my employees for Cyber Security?

No Result
View All Result

Today Trending

5 Must Know Mac Shortcuts
Laptops

5 Must Know Mac Shortcuts

by Ronnie Daniels
December 22, 2020
5 Great Adobe Spark Tips and Tricks to Perfect Your Craft
Software

5 Great Adobe Spark Tips and Tricks to Perfect Your Craft

by Ronnie Daniels
December 20, 2020
Laptops

Buying a Laptop? Tips on What to Look For (What to Avoid)

by Ronnie Daniels
December 15, 2020
Marketing
Digital Marketing

Join Affiliate Marketing & Get Paid for Your Marketing Skills

by Ronnie Daniels
December 2, 2020
How to choose best SEO Services?
Tech

How to choose best SEO Services?

by Ronnie Daniels
November 2, 2020

Editior's Picks

Washington University pupil hit inside the face, robbed of his cellular phone
Cell Phone

Washington University pupil hit inside the face, robbed of his cellular phone

February 11, 2019
Giant Direct e-commerce hub gets beneath way
E-Commerce

Giant Direct e-commerce hub gets beneath way

February 14, 2019
Review: Phone Technology is Only Part of the Surreal Story in Dead Man’s Cell Phone by means of the Comrades
Cell Phone

Review: Phone Technology is Only Part of the Surreal Story in Dead Man’s Cell Phone by means of the Comrades

February 13, 2019
Auto Bits: Tire-related crash deaths exceed deaths due to cellular phone distraction according to protection specialists
Cell Phone

Auto Bits: Tire-related crash deaths exceed deaths due to cellular phone distraction according to protection specialists

February 12, 2019
In the Spotlight: AlchemyLeads Conjures Up Digital Marketing Success for Clients
Digital Marketing

In the Spotlight: AlchemyLeads Conjures Up Digital Marketing Success for Clients

February 14, 2019

About Us

TechVigil is the best website where You can get daily update on internet stuff just like digital Marketing, mobile and tech also many more so subscribe our newsletter to never miss any update from us.

Contact Us: [email protected]

Editior’s Picks

  • 5 Must Know Mac Shortcuts
  • 5 Great Adobe Spark Tips and Tricks to Perfect Your Craft
  • Buying a Laptop? Tips on What to Look For (What to Avoid)
  • Join Affiliate Marketing & Get Paid for Your Marketing Skills
  • How to choose best SEO Services?

Newsletter

Latest Post

5 Must Know Mac Shortcuts
Laptops

5 Must Know Mac Shortcuts

by Ronnie Daniels
December 22, 2020

© 2020- TechVigil | All Rights Reserved To Us

No Result
View All Result
  • About Us
  • Contact
  • DMCA
  • Home
  • Privacy Policy
  • Terms and Conditions

© 2020- TechVigil | All Rights Reserved To Us

Welcome Back!

Login to your account below

Forgotten Password?

Create New Account!

Fill the forms bellow to register

All fields are required. Log In

Retrieve your password

Please enter your username or email address to reset your password.

Log In